The advertisements for the latest smartphones from Samsung, LG, HTC and Apple entice consumers with features like removable batteries, water resistance, longer battery life, better cameras, and sleeker designs. Security, however, is rarely mentioned in the ads. BlackBerry is a brand name everyone recognizes, and while its phones are used almost exclusively by the government and BlackBerry loyalists, few outside that realm realize the company still makes smartphones for the average consumer. John Chen, CEO of BlackBerry, is working to turn the company into an innovative cybersecurity company. As part of that plan, the company is dabbling in more secure smartphones and has created new cybersecurity services.
Within days of discovery, Heartbleed burst into popularity on the news and social media. This named bug eclipsed previous vulnerabilities in terms of impact and awareness — alerting engineers, technicians, and IT personnel to protect their vulnerable systems. However, most do not remember Heartbleed for the exact technical details, but rather for the colossal awareness campaign that rocked mainstream media, which normally does not concern itself with software bugs. Other serious software glitches in the past have been cause for alarm; what warranted, or enabled, the massive “media explosion” of coverage for Heartbleed? How does the use of marketing tactics help or harm the cause of vulnerability reporting? Finally, two years later, how have companies attempted to imitate this style of vulnerability marketing popularized by Heartbleed?
We recently published our high-level summary of work done in conjunction with the Department of Homeland Security’s Regional Resiliency Assessment Program. The project was centered on the Ashburn, VA area’s Internet infrastructure. You can read the full summary here.
Internet infrastructure is highly distributed among different private and public sector entities. Networks using TCP are highly resistant to failures when multiple paths from sender to receiver exist. TCP’s resilience has the potential to fail if a concentration of high-capacity routes between a particular sender and receiver becomes unavailable.
Securing consumer automobiles against potential cyber attacks is a research goal that has attracted a lot of attention from industry, academia, government and the media in the past few years. A number of flashy examples of car hacking have circulated around tech websites, traditional news outlets, and even local nightly news broadcasts. Perhaps the largest and most alarming of these was the remote exploit performed on a Jeep while a reporter from Wired was driving it. The researchers, Miller and Valasek, were able to exploit a zero-day (a vulnerability that Jeep wasn’t aware of at the time) in the vehicle’s infotainment system to remotely send CAN bus commands that would kill the engine or cause other nuisances. Based on this media interest and the growth of research activity, vehicle cybersecurity is a problem that a lot of people are starting to look at closely. Much of this work takes the form of, “how can we better secure the CAN bus?” However, what if instead of adding security on top of CAN, we stop using CAN altogether? The two main alternatives to the CAN bus network that have been proposed are FlexRay and Ethernet.